Decal España Ransomware Attack Exposes Energy Sector Risks
Incident Date:
September 30, 2024
Overview
Title
Decal España Ransomware Attack Exposes Energy Sector Risks
Victim
Decal España
Attacker
Black Suit
Location
First Reported
September 30, 2024
Ransomware Attack on Decal España: A Detailed Analysis
Decal España, a key player in the storage and handling of petroleum products, chemicals, and gases, has recently been targeted by the BlackSuit ransomware group. This attack, discovered on October 1, 2024, highlights the vulnerabilities faced by companies in the energy, utilities, and waste sector.
Company Profile: Decal España
Established in 1988 and headquartered in Barcelona, Decal España is a subsidiary of the Italian Decal S.p.A. The company operates two main terminals in Barcelona and Huelva, with the Barcelona terminal alone covering an area of 120,708 m² and a storage capacity of 495,000 m³. Decal España is renowned for its comprehensive service offerings, including product blending and quality control, which cater to a diverse clientele across various sectors. With a workforce of approximately 96 employees, the company generates an annual revenue estimated between €10 million and €50 million.
Attack Overview
The BlackSuit ransomware group, known for its double extortion tactics, has claimed responsibility for the attack on Decal España. The group typically exfiltrates sensitive data before encrypting files, threatening to publish the data if the ransom is not paid. The extent of the data leak from Decal España remains unclear, but the attack underscores the risks faced by companies handling hazardous materials.
BlackSuit Ransomware Group
Emerging as a successor to the Royal ransomware family, BlackSuit has been active since early 2023. The group distinguishes itself through sophisticated tactics, including phishing emails for initial access and disabling antivirus software to exfiltrate data. Ransom demands from BlackSuit range from $1 million to $10 million, with payments typically requested in Bitcoin. The group has targeted various sectors, with a notable focus on high-value targets such as healthcare and media companies.
Potential Vulnerabilities
Decal España's strategic location in major ports and its handling of sensitive materials make it an attractive target for ransomware groups like BlackSuit. The company's reliance on digital systems for logistics and storage solutions may have provided an entry point for the attackers. The use of phishing emails as an initial access method suggests that employee awareness and cybersecurity measures could be areas for improvement.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.